[Full-Disclosure] Notifying an institution about a vulnerability

["Cliff Bamford" <bamford () oz net>]

> i think you may exploit this vuln and get several SSN, and then email 
> to the institute to show the severity of your report.

In the US, doing that could get you into a ton of criminal and civil trouble
(I'm sad to say).
What steps did the original poster take to notify the institution, exactly?


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/